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DETAILED ACTION 

1. This action is in response to request for reconsideration filed on July 12, 2004. 
Original application contained Claims 1-17. Applicant has not amended any claims. 
No Claims were cancelled. New Claims 18, 19 and 20 are added. Therefore, presently 
pending claims are 1 - 20. 

Response to Arguments 

2. Applicant's arguments filed on July 09, 2004, have been fully considered but they 
are not persuasive for the following reasons: 

Regarding independent claims 1,16 and 1 7, applicant argues that the cited prior art 
(CPA) [Muftic U.S. Patent 5,745,574] does not teach or disclose, "a contact list 
associated with a given entity or device" and "using a contact list in conjunction with a 
revocation list to determine which of at least a subset of one or more other entities are 
authorized to communicate with the given entity or device". These arguments are not 
found persuasive. Applicant agrees that Muftic teaches that a method and/or system 
provides security in a computer system and the infrastructure includes a hierarchical 
certification system and a repository that stores information such as public key 
certificates and revocation lists. Muftic clearly teaches the infrastructure comprises 
storage areas for storing data structures such as electronic addresses, electronic 
identities and/or public key certificates, certificate revocation lists and/or entity 
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identification infornnation (Column 6 lines 33 - 64 and Column 10 line 19 - Column 12 
line 64). Muftic also discloses "using a contact list associated with a given entity or 
device" (column 5 lines 51-61) and "using contact list in conjunction with a revocation 
list to determine which of at least a subset of one or more other entities are authorized 
to communicate with the given entity or device" (Column 6 lines 29 - 38 and Column 7 
lines 4 -20). 

As for Claim 5, applicant argues that the CPA does not teach that the contact list 
includes a "plurality of entities where each entry includes an identifier of a particular one 
of the other entities and a corresponding revocation flag indicating whether 
authorization of the particular entity has been revoked". This argument is not found 
persuasive. Muftic clearly teaches that the system stores information such as public key 
certificates, certificate revocation lists and registration information and Muftic also 
discloses the method generates a data structure containing the data items required for 
registration (self-signing) and also this information is stored either at the requesting 
computer process or at a common certificate repository (Column 5 lines 51 - 64 and 
Column 6 lines 29 -38). 

As for new added Claim 18, Muftic discloses an apparatus of Claim 16, for 
controlling access to information wherein, the contact list comprises a plurality of entities 
each entry including at least an identifier of a particular one of the other entities and a 
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corresponding revocation flag indicating whetlier authorization of the particular entity 
has been revoked (Column 14 lines 35 - 53). 

As for new added Claim 19, Muftic discloses an article of manufacture of Claim 
17, wherein the contact list comprises a plurality of entries, each entry including at least 
an identifier of a particular one of the other entities and a corresponding revocation flag 
indicating whether authorization of the particular entity has been revoked (Column 14 
lines 35 - 53). 

As for new added Claim 20, Muftic discloses an article of manufacture of Claim 
19, wherein the programs when executed implement the further step of updating the 
contact list after a modification of the revocation list (Column 14 line 64 - Column 15 
line 25). 

Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that CPA does teach or suggest the subject matter broadly recited 
in independent claims 1,16 and 17. Dependent claims 2 - 15, 18 - 20 are also rejected 
at least by virtue of their dependency on independent claims and by other reason set 
forth in this office action. Accordingly, rejections for claims 1 - 20 are respectfully 
maintained. 



Application/Control Number: 09/456,689 Page 5 

Art Unit: 2136 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or 
in public use or on sale in this country, nnore than one year prior to the date of application for 
patent in the United States. 

3. Claims 1 - 10 and 12 - 20 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Muftic (US Patent 5,745,574). 

Regarding Claim 1, Muftic teaches and describes a method for 
controlling access to the information, the method comprising the steps of: 
maintaining, for a given entity controlling access to the information, a contact list 

comprising information identifying one or more other entities which have attempted to 

communicate with the given entity (Column 5 lines 51 - 61); and 

utilizing the contact list in conjunction with a revocation list associated with the 

given entity to determine which of at least a subset of the one or more other entities are 

authorized to communicate with the given entity (Column 6 lines 29 - 38 and Column 7 

lines 4 -20). 

Regarding Claim 16, Muftic teaches and describes an apparatus 
for controlling access to the information, the apparatus comprising: 
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a processor-based device for controlling access to information, wherein the 
processor-based device is operative to maintain a contact list comprising information 
identifying one or more other entities which have attempted to communicate with the 
processor-based device (Column 5 lines 51 - 61), and 

to utilize the contact list in conjunction with a revocation list associated with the 
given entity to determine which of at least a subset of the one or more other entities are 
authorized to communicate with the processor-based device (Column 6 lines 29 - 38 
and Column 7 lines 4 - 20). 

Regarding Claim 17, Muftic teaches and describes an article of 
manufacture comprising a machine-readable storage medium containing one or more 
software programs for use in controlling access to the information, wherein the 
programs when executed implement the steps of: 

maintaining, for a given entity a controlling access to information, a contact list 
comprising information identifying one or more other entities which have attempted to 
communicate with the given entity (Column 5 lines 51 - 61 ); and 

utilizing the contact list in conjunction with a revocation list associated with the 
given entity to determine which of at least a subset of the one or more other entities are 
authorized to communicate with the given entity (Column 6 lines 29 - 38 and Column 7 . 
lines 4 - 20). 
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Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the 
given entity and at least a subset of the one or more other entities each comprise a 
consumer electronics device (Column 5 lines 51 - 54 and Column 9 lines 64 - 67). 

Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the 
maintaining and utilizing steps are implemented in an access control system associated 
with the given entity (Column 5 lines 51 - 61 , Column 6 lines 1 - 21 and 47 - 64). 

Claim 5 is rejected as applied above in rejecting claim 1 . Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the 
contact list comprises a local revocation list stored in the access control system 
(Column 5 lines 51 - 64 and Column 6 lines 29 - 38). 

Claim 13 is rejected as applied above in rejecting claim 1. Furthermore, Muftic 
teaches and describes a method for controlling access to information including the step 
of periodically generating a digital signature for at least a portion of the contact list 
(Column 6 lines 29-65). 

Claim 15 is rejected as applied above in rejecting claim 1. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein each of 
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at least a subset of the other entities stores a contact list having entries corresponding 
to entities which have attempted to communicate with those other entities (Column 5 
lines 55 - 61 and Column 7 lines 43 - 53). 

Claim 18 is rejected as applied above in rejecting claim 16. Furthermore, Muftic 
teaches and describes an apparatus for controlling access to information, wherein the 
contact list comprises a plurality of entities each entry including at least an identifier of a 
particular one of the other entities and a corresponding revocation flag indicating 
whether authorization of the particular entity has been revoked (Column 14 lines 35 - 
53). 

Claim 19 is rejected as applied above in rejecting claim 17. Furthermore, Muftic 
teaches and describes an article of manufacture, wherein the contact list comprises a 
plurality of entries, each entry including at least an identifier of a particular one of the 
other entities and a corresponding revocation flag indicating whether authorization of 
the particular entity has been revoked (Column 14 lines 35 - 53). 

Claim 4 is rejected as applied above in rejecting claim 3. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the 
revocation list comprises a local revocation list stored in the access control system 
(Column 5 lines 51 - 54, Fig.2 #240 and Column 10 lines 19 - 25). 
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Claim 6 is rejected as applied above in rejecting claim 5. Furthermore, Muftic 
teaches and describes a method for controlling access to information including the step 
of updating the contact list after a modification of the revocation list (Column16 lines 34 
-67 to Column 17 line 22). 

Claim 8 is rejected as applied above in rejecting claim 5. Furthermore, Muftic 
teaches and describes a method for controlling access to information including the step 
of updating the contact list if a new entity not already included in the contact list 
attempts to communicate with the given entity (Column 7 lines 21 - 52). 

Claim 12 is rejected as applied above in rejecting claim 5. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the 
contact list is configured such that the revocation flag of a particular entry may not be 
cleared once that flag has been set been set as long as that entry remains in the 
contact list (Column 16 lines 1 - 33). 

Claim 20 is rejected as applied above in rejecting claim 19. Furthermore, Muftic 
teaches and describes an article of manufacture, wherein the programs when executed 
implement the further step of updating the contact list after a modification of the 
revocation list (Column 14 line 64 - Column 15 line 25). 
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Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Muftic 
teaches and describes a method for controlling access to information including the step 
of updating the digital signature each time the contact list is updated (Column 6 lines 47 
- 60 and Column 7 lines 21 - 27). 

Claim 7 is rejected as applied above in rejecting claim 6. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the step 
of updating the contact list after a modification of the revocation list further includes the 
steps of: 

identifying all of the entities in the contact list that do not have their 
corresponding revocation flag set (Column 6 lines 65 - Column 7 line 20); and 

determining, for each of the entities identified as being on the contact list but not 
having a set revocation flag, whether that entity is on the modified local revocation list, 
setting its revocation flag in the contact list (Column 16 lines 7 - 20). 

Claim 9 is rejected as applied above in rejecting claim 8. Furthermore, Muftic 
teaches and describes a method for controlling access to information, wherein: the step 
of updating the contact list if a new entity not already included in the contact list if a new 
entity not already included in the contact list attempts to communicate with the given 
entity further includes the steps of: 

storing in the contact list an entity identifier for the new entity if there is sufficient 
space available in the contact list (Column 16 lines 41 - 46); and 
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determining if the new entity is on the revocation list; and if it is, setting the 
corresponding revocation flag the new entity in the contact list (Column 16 lines 41 - 67 
up to Column 17 line 22). 

Claim 10 is rejected as applied above in rejecting claim 9. Furthermore, Muftic 
teaches and describes a method for controlling access to information including the step 
of selecting a particular entry of the contact list for removal from the contact list if there 
is not sufficient space available in the contact list for the new entity (Column 7 lines 53 - 
64). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all - 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

4. Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Muftic 
(U.S. Patent 5,745,574 hereinafter "Muftic") in view of De Jesus et al. (U.S. Patent 



5,832,206 hereinafter "De Jesus"). 
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Claim 11 is rejected as applied above in rejecting claim 10. Furthermore, Muftic 
teaches and describes a method for controlling access to information including the step 
of selecting a particular entry of the contact list for removal. Muftic does not explicitly 
describe the selecting step is implemented using a random or pseudo-random selection 
process. However, De Jesus discloses a method to provide security for a keypad 
processor of a transaction terminal wherein the selecting step is implemented using a 
random selection process (De Jesus Column 8 lines 44 - 56 and Column 10 lines 47 - 
56). Therefore, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the teachings of Muftic and De Jesus, a method for 
controlling access to information including the step of selecting a particular entry of the 
contact list for removal as taught by Muftic and the selecting step to be implemented 
using a random selection process as taught by De Jesus to insure that an electronic 
eavesdropper will be unable to differentiate the actual selection algorithm. The 
motivation would be to provide a normalized deletion rather than criteria based thereby 
minimizing computation time. 

Conclusion 



5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 703- 
305-8912. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



Pramila Parthasarathy 
November 13, 2004. 




